Home/ Questions/Q 7819501
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T06:58:41+00:00

I have a linked list similar to this: class MemoryCell { protected: unsigned char*

  • 0

I have a linked list similar to this:

class MemoryCell
{
protected:
    unsigned char* _address; // the address offset (in another process)
    unsigned int _size;  // the size of this memory block
    unsigned char* _buffer; // the data

    MemoryCell* _next; // points to next memory cell to form linked list
};

Then I have a MemoryMapper class which will hold the head. I want to get all of the memory cells in it.

// void MemoryMapper::MapAllCells(unsigned int procId)//
unsigned int offset = 0x0;
while (true)
    {
        long memoryData = ptrace(PTRACE_PEEKDATA, procId, offset);
        if (memoryData == -1) break; // need to check for errno(3) too
       // add new MemoryCell w/ data to head of linked list
       // how to get next offset based on what was returned?

it breaks right away at address 0. I thought it might start at 0x0 for that process but I guess I need the real offset. But how can I get the next offset as well (based on size of previous)?

Hope it was clear but I can clarify if needed Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can’t get this information from ptrace(); you can get it from /proc/PID/maps for the child process, though. Note that address 0 is typically not mapped, in order to catch NULL pointer references, and may not make sense for PTRACE_PEEKDATA (separate I and D isn’t generally used these days, and in its absence address 0 is usually text, not data; whether the kernel bothers to distinguish, I don’t know off the top of my head).

    • 0